Online Doctor Appointment System 1.0 Cross Site Scripting

Online Doctor Appointment System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

MD5 | 76c223f15acb1a444605758caefc7bb2

# Exploit Title: Online Doctor Appointment System  1.0 -  Multiple Stored XSS
# Tested on: Windows 10
# Exploit Author: Mohamed habib Smidi (Craniums)
# Date: 2021-01-08
# Vendor Homepage:
# Software Link:
# Affected Version: Version 1

Step 1: Login to the doctor account in http://TARGET/doctorappointmentsystem/adminlogin.php
Step 2: then Click on the username and go to profile
Step 3: Click on Update profile.
Step 4: Input "<script>alert("craniums")</script>" in the field First Name,Last Name and Address.
Step 5: This Will trigger the payload each time you update or visit a new page.

Related Posts